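<?php
/*
 * XML endpoint for the "client" role (legacy mysql_* code base).
 *
 * Flow: open the database connection, resolve the caller's account name from
 * the POSTed session token, then dispatch on $_POST['op'].  Each branch builds
 * an XML fragment and hands it to build_xml_packet()/build_xml_packet2(), or
 * echoes it directly (getPhones); failures go through send_error2() /
 * send_error_xml().
 *
 * connect_to_database(), logged(), get_logo(), build_xml_packet*(),
 * send_error2(), send_error_xml(), send_confirmation(), write_mysql_log(),
 * send_mail_to_admin(), checkEmail(), $phone_icons and the HOST/USER/PASS/
 * DATABASE constants are not defined here; presumably they come from
 * include/conf.php — TODO confirm.
 *
 * NOTE(review): the code below relies on send_error2()/send_error_xml()
 * terminating the request (e.g. clSendImei keeps going after a validation
 * failure) — confirm that they call exit; otherwise every "if (...) send_error"
 * needs an explicit return/exit after it.
 *
 * Every value interpolated into SQL must go through mysql_real_escape_string();
 * the two helpers below centralise request escaping and XML attribute escaping.
 * require (not include): without conf.php nothing here can run safely.
 */
require 'include/conf.php';

if (!function_exists('cp_post_sql'))
{
    /**
     * Read a POST field and escape it for interpolation into a mysql_* query.
     *
     * @param string   $key  POST field name
     * @param resource $link open mysql_* connection (escaping is charset-aware)
     * @return string escaped value; '' when the field is absent (no notice)
     */
    function cp_post_sql($key, $link)
    {
        $raw = isset($_POST[$key]) ? $_POST[$key] : '';
        return mysql_real_escape_string($raw, $link);
    }
}

if (!function_exists('cp_xml_attr'))
{
    /**
     * Escape a value for a double-quoted XML attribute.
     *
     * Only & < > " ' are rewritten; every other byte passes through unchanged.
     * ISO-8859-1 is given explicitly so that htmlspecialchars() never rejects
     * the input as malformed UTF-8 and returns '' (the stored charset is not
     * known from this file).  Values without special characters are returned
     * byte-identical, so well-formed output is unchanged.
     *
     * @param mixed $value
     * @return string
     */
    function cp_xml_attr($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1');
    }
}

$id_connect = connect_to_database(HOST, USER, PASS, DATABASE);

if (logged("client"))
{
    // Resolve the caller's account name from the session token.
    $sesiune = cp_post_sql('sesiune', $id_connect);
    $str = "SELECT nume FROM clienti WHERE sesiune = '$sesiune'";
    $result = mysql_query($str, $id_connect);
    $value = $result ? mysql_fetch_assoc($result) : false;
    if (!$value)
    {
        // No account matches the token: fail closed instead of running every
        // query below with an undefined name.  Same code as "not logged in".
        send_error2(6);
        exit;
    }
    $nume = $value['nume'];
    // $nume comes from the database, not the request, but it is interpolated
    // into every query below; escape it once so a name containing a quote
    // cannot become second-order SQL injection.  $nume itself stays raw for
    // logging, mail and comparisons.
    $nume_sql = mysql_real_escape_string($nume, $id_connect);

    if (isset($_POST['op']))
    {
        $op = $_POST['op'];
        //######################################################################
        if ($op == "getPhones")
        {
            // Nested <marca>/<model>/<companie> tree.  Rows arrive sorted, so a
            // change of marca or model closes the previous element.  This branch
            // echoes the document itself instead of using build_xml_packet2().
            $str = "SELECT marca, model, companie, cost FROM credit_clienti WHERE nume='$nume_sql' ORDER BY marca ASC, model ASC, companie ASC";
            $result = mysql_query($str, $id_connect);
            $currentMarca = "";
            $currentModel = "";
            $tagMarcaOpen = false;
            $tagModelOpen = false;
            $continut = "<rows flag=\"1\">\r\n";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $costAttr = cp_xml_attr($value['cost']);
                $companieAttr = cp_xml_attr($value['companie']);
                if ($currentMarca != $value['marca'])
                {
                    if ($tagModelOpen)
                    {
                        $continut .= "</model>\r\n";
                    }
                    if ($tagMarcaOpen)
                    {
                        $continut .= "</marca>\r\n";
                    }
                    $tagMarcaOpen = true;
                    $tagModelOpen = true;
                    $currentMarca = $value['marca'];
                    $currentModel = $value['model'];
                    $continut .= "<marca nume=\"" . cp_xml_attr($currentMarca) . "\">\r\n";
                    $continut .= "<model nume=\"" . cp_xml_attr($currentModel) . "\">\r\n";
                    $continut .= "<companie nume=\"$companieAttr\" cost=\"$costAttr\" />\r\n";
                }
                elseif ($currentModel == $value['model'])
                {
                    // same marca and model: just another companie entry
                    $continut .= "<companie nume=\"$companieAttr\" cost=\"$costAttr\" />\r\n";
                }
                else
                {
                    // same marca, new model
                    if ($tagModelOpen)
                    {
                        $continut .= "</model>\r\n";
                    }
                    $currentModel = $value['model'];
                    $continut .= "<model nume=\"" . cp_xml_attr($currentModel) . "\">\r\n";
                    $continut .= "<companie nume=\"$companieAttr\" cost=\"$costAttr\" />\r\n";
                }
            }
            // Close only what was opened: with zero rows the original emitted
            // stray </model></marca> and the document was not well-formed.
            if ($tagModelOpen)
            {
                $continut .= "</model>\r\n";
            }
            if ($tagMarcaOpen)
            {
                $continut .= "</marca>\r\n";
            }
            $continut .= "</rows>";
            echo $continut;
        }
        //######################################################################
        if ($op == "getImeiList")
        {
            // Latest 50 IMEIs of this client, optionally filtered by substring.
            $str = "SELECT marca, model, companie, cost, imei, unlock_code, data_in, status FROM coduri WHERE nume='$nume_sql'";
            if (isset($_POST['imei']))
            {
                // Escaped before it enters the LIKE pattern (the original
                // interpolated the raw POST value).  % and _ still act as
                // wildcards inside LIKE; the query is scoped to the caller's
                // own rows, so that only widens the search.
                $imei = cp_post_sql('imei', $id_connect);
                $str .= " AND imei LIKE '%$imei%'";
            }
            $str .= " ORDER BY data_in DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $count = 0;
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count += 1;
                $logo = get_logo($phone_icons, $value['marca']);
                // data_in is stored via time(); cast so date() gets an int
                $data_intrare = date("M/d/Y H:i", (int) $value['data_in']);
                $continut .= "<row count=\"$count\""
                    . " marca=\"" . cp_xml_attr($value['marca']) . "\""
                    . " model=\"" . cp_xml_attr($value['model']) . "\""
                    . " companie=\"" . cp_xml_attr($value['companie']) . "\""
                    . " cost=\"" . cp_xml_attr($value['cost']) . "\""
                    . " imei=\"" . cp_xml_attr($value['imei']) . "\""
                    . " unlock=\"" . cp_xml_attr($value['unlock_code']) . "\""
                    . " datain=\"" . $data_intrare . "\""
                    . " status=\"" . cp_xml_attr($value['status']) . "\""
                    . " imagmarca=\"icons/" . cp_xml_attr($logo) . ".png\" />";
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        if ($op == "getPersonalInfo")
        {
            // NOTE(review): this returns the stored password ('parola') to the
            // client, and updatePersonalInfo stores it exactly as received, so
            // passwords appear to be kept and transmitted in clear.  Changing
            // that needs a schema/protocol change (password_hash(), never
            // echoing it back); flagged here, not changed.
            $str = "SELECT parola, mail, phone, cr_total, cr_ramas, cr_consumat FROM clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            if (!$result)
            {
                send_error2(5);
            }
            $value = mysql_fetch_assoc($result);
            $continut = "<row parola=\"" . cp_xml_attr($value['parola']) . "\""
                . " mail=\"" . cp_xml_attr($value['mail']) . "\""
                . " phone=\"" . cp_xml_attr($value['phone']) . "\""
                . " total=\"" . cp_xml_attr($value['cr_total']) . "\""
                . " ramas=\"" . cp_xml_attr($value['cr_ramas']) . "\""
                . " consumat=\"" . cp_xml_attr($value['cr_consumat']) . "\" />";
            build_xml_packet2($continut);
        }
        //######################################################################
        if ($op == "getPriceList")
        {
            // Full price list (credit types) configured for this client.
            $str = "SELECT * FROM credit_clienti WHERE nume='$nume_sql' ORDER BY marca ASC, model ASC, companie ASC";
            $result = mysql_query($str, $id_connect);
            $count = 0;
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count += 1;
                $continut .= "<row count=\"$count\""
                    . " marca=\"" . cp_xml_attr($value['marca']) . "\""
                    . " model=\"" . cp_xml_attr($value['model']) . "\""
                    . " companie=\"" . cp_xml_attr($value['companie']) . "\""
                    . " cost=\"" . cp_xml_attr($value['cost']) . "\" />";
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        if ($op == "getPayment")
        {
            // Payment history of this client.
            $str = "SELECT * FROM plati WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            if (!$result)
            {
                send_error2(5);
            }
            $count = 0;
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count += 1;
                $data_plata = date("M/d/Y H:i", (int) $value['data_plata']);
                $continut .= "<row count=\"$count\""
                    . " info=\"" . htmlentities($value['comentariu']) . "\""
                    . " amount=\"" . cp_xml_attr($value['suma']) . "\""
                    . " data=\"" . $data_plata . "\" />";
            }
            build_xml_packet2($continut);
        }
        //######################################################################
        if ($op == "updatePersonalInfo")
        {
            $pass = cp_post_sql('pass', $id_connect);
            $mail = cp_post_sql('mail', $id_connect);
            $phone = cp_post_sql('phone', $id_connect);
            // NOTE(review): unlike update_client_data below, this path neither
            // validates $mail with checkEmail() nor hashes the password.  The
            // send_error2 code for a bad address is not known from this file,
            // so it is only flagged here.
            $str = "UPDATE clienti SET parola='$pass', mail='$mail', phone='$phone' WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            if (!$result)
            {
                send_error2(5);
            }
            else
            {
                send_confirmation(8);
            }
        }
        //######################################################################
        if ($op == "clSendImei")
        {
            // Submit an IMEI for unlocking: validate, price it, check credit,
            // reject duplicates, insert the order, debit credit, log and notify.
            $marca = cp_post_sql('marca', $id_connect);
            $model = cp_post_sql('model', $id_connect);
            $companie = cp_post_sql('companie', $id_connect);
            $imei = cp_post_sql('imei', $id_connect);
            // An IMEI is exactly 15 decimal digits.  is_numeric() also accepted
            // signs, leading whitespace and exponent forms ("1.0000000000e12"),
            // so the check is tightened to ctype_digit().
            if (!ctype_digit($imei) || (strlen($imei) != 15))
            {
                send_error2(1);
            }
            // Is this credit type configured for the client?  If so, get its price.
            $str = "SELECT cost from credit_clienti WHERE nume='$nume_sql' AND marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            if ($num != 1)
            {
                send_error2(2);
            }
            $value = mysql_fetch_assoc($result);
            $cost = $value['cost'];
            // paranoia: the price must be a positive number
            if (!is_numeric($cost) || ($cost <= 0))
            {
                send_error2(3);
            }
            // Remaining credit check.
            // NOTE(review): this SELECT and the UPDATE further down are separate
            // statements with no transaction or conditional WHERE, so two
            // concurrent requests can both pass the check (TOCTOU).  A
            // `cr_ramas >= cost` condition on the UPDATE, checked via affected
            // rows, or SELECT ... FOR UPDATE inside a transaction would close it.
            $str = "SELECT cr_ramas from clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $cr_ramas = $value['cr_ramas'];
            if ($cr_ramas >= $cost)
            {
                // reject an IMEI that is already queued
                $str = "SELECT imei,unlock_code from coduri WHERE imei='$imei'";
                $result = mysql_query($str, $id_connect);
                $num = $result ? mysql_num_rows($result) : 0;
                if ($num != 0)
                {
                    send_error2(4);
                }
                // insert the order
                $data_in = time();
                $data_out = "";
                $status = "wait";
                $str = "INSERT INTO coduri (nume, imei, marca, model, companie, data_in, data_out, cost, status) VALUES ('$nume_sql','$imei','$marca','$model','$companie','$data_in','$data_out','$cost','$status')";
                $result = mysql_query($str, $id_connect);
                if (!$result)
                {
                    send_error2(5);
                }
                // debit credit ($cost was verified numeric above)
                $str = "UPDATE clienti SET cr_consumat=cr_consumat+$cost, cr_ramas=cr_ramas-$cost WHERE nume='$nume_sql'";
                mysql_query($str, $id_connect);
                // audit log ($str is the UPDATE just issued)
                write_mysql_log($nume, " cu imeiul " . $imei . " " . $op, $str, $id_connect);
                // notify the administrator, with the optional special code
                if (isset($_POST['specialCode']))
                {
                    $spec_code = cp_post_sql('specialCode', $id_connect);
                    send_mail_to_admin($imei, $nume, $marca, $model, $companie, $spec_code);
                }
                else
                {
                    send_mail_to_admin($imei, $nume, $marca, $model, $companie);
                }
                // all good: confirm to the client
                send_confirmation(7);
            }
            else
            {
                // not enough credit
                send_error2(0);
            }
        }
        //######################################################################
        //  OLD SECTION                                        ######################################################################
        if ($op == "get_marca")
        {
            // XML expected: brand list to populate a combo box
            $str = "SELECT marca from marca ORDER BY marca ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $continut .= "<row label=\"" . cp_xml_attr($value['marca']) . "\" />";
            }
            build_xml_packet(9, $continut);
        }
        //#########################################################################
        if ($op == "get_model")
        {
            // XML expected: models of one brand
            $marca = cp_post_sql('marca', $id_connect);
            $str = "SELECT model FROM model WHERE marca='$marca' ORDER BY model ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $continut .= "<row label=\"" . cp_xml_attr($value['model']) . "\" />";
            }
            build_xml_packet(9, $continut);
        }
        //#########################################################################
        if ($op == "get_companie_credit")
        {
            // XML expected: carriers available for a brand/model
            $model = cp_post_sql('model', $id_connect);
            $marca = cp_post_sql('marca', $id_connect);
            $str = "SELECT companie FROM credit WHERE marca='$marca' AND model='$model' ORDER BY companie ASC";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $continut .= "<row label=\"" . cp_xml_attr($value['companie']) . "\" />";
            }
            build_xml_packet(9, $continut);
        }
        //#########################################################################
        if ($op == "get_pret")
        {
            // String expected: price of one credit type for this client
            $marca = cp_post_sql('marca', $id_connect);
            $model = cp_post_sql('model', $id_connect);
            $companie = cp_post_sql('companie', $id_connect);
            $str = "SELECT cost FROM credit_clienti WHERE nume='$nume_sql' AND marca='$marca' AND model='$model' AND companie='$companie'";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            if ($num == 1)
            {
                $value = mysql_fetch_assoc($result);
                $cost = cp_xml_attr($value['cost']);
                // the client reads this value into LoaderVlad::str_out
                $continut = "<row cost=\"$cost\" />";
                build_xml_packet(9, $continut);
            }
            else
            {
                // no result, or more than one
                send_error_xml(11);
            }
        }
        //#########################################################################
        if ($op == "get_imei_list")
        {
            // XML expected: latest 50 orders of this client
            $str = "SELECT * FROM coduri WHERE nume='$nume_sql' ORDER BY data_in DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            $continut = "";
            $count = 0;
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $data_in = date("d-M-y H:i", (int) $value['data_in']);
                // data_out is '' until the order is completed
                $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", (int) $value['data_out']) : "";
                $continut .= "<row no=\"" . $count . "\""
                    . " marca=\"" . cp_xml_attr($value['marca']) . "\""
                    . " model=\"" . cp_xml_attr($value['model']) . "\""
                    . " companie=\"" . cp_xml_attr($value['companie']) . "\""
                    . " imei=\"" . cp_xml_attr($value['imei']) . "\""
                    . " unlock=\"" . cp_xml_attr($value['unlock_code']) . "\""
                    . " data_in=\"" . $data_in . "\""
                    . " data_out=\"" . $data_out . "\""
                    . " cost=\"" . cp_xml_attr($value['cost']) . "\" />";
            }
            build_xml_packet(9, $continut, $num);
        }
        //#########################################################################
        if ($op == "get_imei_list_vechi")
        {
            // XML expected: same listing from the legacy "imeiserver" database
            $id_connect = connect_to_database(HOST, USER, PASS, "imeiserver");
            $str = "SELECT imei.imei, imei.unlock_code, imei.formated_imei_type, imei.data_in, imei.data_out FROM clienti, imei WHERE clienti.nume='$nume_sql' AND clienti.id=imei.user_id ORDER BY data_in DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            $continut = "";
            $count = 0;
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $data_in = date("d-M-y H:i", (int) $value['data_in']);
                $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", (int) $value['data_out']) : "";
                $continut .= "<row no=\"" . $count . "\""
                    . " imei=\"" . cp_xml_attr($value['imei']) . "\""
                    . " unlock=\"" . cp_xml_attr($value['unlock_code']) . "\""
                    . " tipo=\"" . cp_xml_attr($value['formated_imei_type']) . "\""
                    . " data_in=\"" . $data_in . "\""
                    . " data_out=\"" . $data_out . "\" />";
            }
            build_xml_packet(9, $continut, $num);
        }
        //#########################################################################
        if ($op == "get_imei_search")
        {
            // XML expected: substring search over this client's orders
            $imei = cp_post_sql('imei', $id_connect);
            $str = "SELECT * FROM coduri WHERE imei LIKE '%$imei%' and nume='$nume_sql' ORDER BY data_in DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            $continut = "";
            $count = 0;
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $data_in = date("d-M-y H:i", (int) $value['data_in']);
                $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", (int) $value['data_out']) : "";
                $continut .= "<row no=\"" . $count . "\""
                    . " marca=\"" . cp_xml_attr($value['marca']) . "\""
                    . " model=\"" . cp_xml_attr($value['model']) . "\""
                    . " companie=\"" . cp_xml_attr($value['companie']) . "\""
                    . " imei=\"" . cp_xml_attr($value['imei']) . "\""
                    . " unlock=\"" . cp_xml_attr($value['unlock_code']) . "\""
                    . " data_in=\"" . $data_in . "\""
                    . " data_out=\"" . $data_out . "\""
                    . " cost=\"" . cp_xml_attr($value['cost']) . "\" />";
            }
            build_xml_packet(9, $continut, $num);
        }
        //#########################################################################
        if ($op == "get_imei_search_vechi")
        {
            // XML expected: same search on the legacy "imeiserver" database
            $id_connect = connect_to_database(HOST, USER, PASS, "imeiserver");
            $imei = cp_post_sql('imei', $id_connect);
            $str = "SELECT imei.imei, imei.unlock_code, imei.formated_imei_type, imei.data_in, imei.data_out FROM clienti, imei WHERE clienti.nume='$nume_sql' AND clienti.id=imei.user_id AND imei.imei LIKE '%$imei%' ORDER BY data_in DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            $continut = "";
            $count = 0;
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $data_in = date("d-M-y H:i", (int) $value['data_in']);
                $data_out = ($value['data_out'] != "") ? date("d-M-y H:i", (int) $value['data_out']) : "";
                $continut .= "<row no=\"" . $count . "\""
                    . " imei=\"" . cp_xml_attr($value['imei']) . "\""
                    . " unlock=\"" . cp_xml_attr($value['unlock_code']) . "\""
                    . " tipo=\"" . cp_xml_attr($value['formated_imei_type']) . "\""
                    . " data_in=\"" . $data_in . "\""
                    . " data_out=\"" . $data_out . "\" />";
            }
            build_xml_packet(9, $continut, $num);
        }
        //#########################################################################
        if ($op == "get_personal_info")
        {
            // XML expected.  NOTE(review): like getPersonalInfo, this echoes the
            // stored password back to the client; see the note there.
            $str = "SELECT * FROM clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            $num = $result ? mysql_num_rows($result) : 0;
            if ($num != 1)
            {
                send_error_xml(11);
            }
            $value = mysql_fetch_assoc($result);
            $continut = "<row parola=\"" . cp_xml_attr($value['parola']) . "\""
                . " mail=\"" . cp_xml_attr($value['mail']) . "\""
                . " phone=\"" . cp_xml_attr($value['phone']) . "\""
                . " total=\"" . cp_xml_attr($value['cr_total']) . "\""
                . " ramas=\"" . cp_xml_attr($value['cr_ramas']) . "\""
                . " consumat=\"" . cp_xml_attr($value['cr_consumat']) . "\" />";
            build_xml_packet(9, $continut);
        }
        //########################################################################
        if ($op == "get_credit_list")
        {
            // XML for display: credit types configured for this client
            $continut = "";
            $count = 0;
            $str = "SELECT marca, model, companie, cost FROM credit_clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $continut .= "<row no=\"" . $count . "\""
                    . " marca=\"" . cp_xml_attr($value['marca']) . "\""
                    . " model=\"" . cp_xml_attr($value['model']) . "\""
                    . " companie=\"" . cp_xml_attr($value['companie']) . "\""
                    . " cost=\"" . cp_xml_attr($value['cost']) . "\"  />";
            }
            build_xml_packet(9, $continut);
        }
        //########################################################################
        if ($op == "get_credit_client")
        {
            // XML for display: remaining credit only (the other columns are selected but unused)
            $str = "SELECT cr_total, cr_ramas, cr_consumat FROM clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $continut = "<row ramas=\"" . cp_xml_attr($value['cr_ramas']) . "\" />";
            build_xml_packet(9, $continut);
        }
        //#########################################################################
        if ($op == "get_plati")
        {
            // XML expected: last 50 payments
            $str = "SELECT * FROM plati WHERE nume='$nume_sql' ORDER BY data_plata DESC LIMIT 50";
            $result = mysql_query($str, $id_connect);
            $continut = "";
            $count = 0;
            while ($result && ($value = mysql_fetch_assoc($result)))
            {
                $count++;
                $data_plata = date("d-M-y H:i", (int) $value['data_plata']);
                $continut .= "<row no=\"" . $count . "\""
                    . " nume=\"" . cp_xml_attr($value['nume']) . "\""
                    . " comentariu=\"" . htmlentities($value['comentariu']) . "\""
                    . " suma=\"" . cp_xml_attr($value['suma']) . "\""
                    . " data=\"" . $data_plata . "\" />";
            }
            build_xml_packet(9, $continut);
        }
        //#########################################################################
        if ($op == "update_client_data")
        {
            // String expected: update password/mail/phone and echo the new values
            $parola = cp_post_sql('parola', $id_connect);
            $mail = cp_post_sql('mail', $id_connect);
            if ($nume == "test")
            {
                // the demo account is read-only
                send_error_xml(22);
            }
            if (!checkEmail($mail))
            {
                send_error_xml(15);
            }
            $phone = cp_post_sql('phone', $id_connect);
            // NOTE(review): the password is stored as received (no hashing).
            $str = "UPDATE clienti SET parola='$parola', mail='$mail', phone='$phone' WHERE nume='$nume_sql'";
            mysql_query($str, $id_connect);
            // return the stored values
            $str = "SELECT parola, mail, phone FROM clienti WHERE nume='$nume_sql'";
            $result = mysql_query($str, $id_connect);
            $value = mysql_fetch_assoc($result);
            $continut = "<row parola=\"" . cp_xml_attr($value['parola']) . "\""
                . " mail=\"" . cp_xml_attr($value['mail']) . "\""
                . " phone=\"" . cp_xml_attr($value['phone']) . "\" />";
            build_xml_packet(9, $continut);
        }
        //#########################################################################
    }
    else
    {
        // no operation requested
        send_error2(8);
    }
}
else
{
    // not authenticated as a client
    send_error2(6);
}
// No closing tag: a trailing newline after "?>" would be emitted into the XML response.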
